Algolia implements and maintains Security Measures that meet or exceed the security objectives required for SOC2 certification. Algolia may update or modify the Security Measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Services. These Security Measures are in effect on the DPA Effective Date. Capitalized terms used herein but not otherwise defined have the meaning given to them in the DPA.
Information Security Program
Algolia maintains geographically distributed data centers and stores all production data in physically secure data centers.
Algolia’s infrastructure has been designed to eliminate single points of failure and minimize the impact of anticipated environmental risks. This design allows Algolia to perform maintenance and improvements of the infrastructure with minimal impact on the production systems. All environmental equipment and facilities have documented preventative maintenance procedures that detail the process for and frequency of performance in accordance with the manufacturer’s or internal specifications.
All data centers are equipped with redundant power systems with various mechanisms to provide backup power, such as uninterruptible power supply (UPS) batteries for short-term blackouts, over voltage, under voltage or any power instabilities, and diesel generators for outages extending units of minutes, which allow the data centers to operate for days.
Server Operating System
Algolia uses a Linux-based operating system for the application environment with a centrally managed configuration. Algolia has established a policy to keep systems up to date with necessary security updates.
Algolia replicates data across multiple systems to help protect against accidental destruction or loss. Algolia has designed and regularly plans and tests its business continuity planning and disaster recovery programs.
Network and Transmission
Algolia uses industry standard encryption schemes and protocols to encrypt data transmissions between the data centers. This is intended to prevent reading, copying or modification of the data.
Algolia employs an intrusion detection system to provide insight into ongoing attack activities and to help remediate attacks faster.
Algolia’s security personnel will promptly react to discovered security incidents and inform the involved parties.
Algolia’s servers support HTTPS encryption, ephemeral elliptic curve Diffie-Hellman cryptographic key exchange signed with RSA and ECDSA and, for supported clients, perfect forward secrecy (PFS) methods to help protect traffic against a compromised key or a cryptographic breakthrough. Algolia uses only industry standard encryption technologies.
Access and Site Controls
Data Center Security Operations. All data centers in use by Algolia maintain 24/7 on-site security operations responsible for all the aspects of physical data center security.
Data Center Access Procedures. Access to the data center follows Algolia’s Physical Security policy, allowing only pre-approved authorized personnel to access the Algolia equipment.
Data Center Security. All data centers comply with or exceed the security requirements of SOC2. All data centers are equipped with CCTV, on-site security personnel and a key card access system.